Debian 10260 Published by

An opensc security update has been released for Debian GNU/Linux 9 LTS.



DLA 2832-1: opensc security update



- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2832-1 debian-lts@lists.debian.org
  https://www.debian.org/lts/security/ Adrian Bunk
November 29, 2021   https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : opensc
Version : 0.16.0-3+deb9u2
CVE ID : CVE-2019-15945 CVE-2019-15946 CVE-2019-19479 CVE-2020-26570
CVE-2020-26571 CVE-2020-26572
Debian Bug : 939668 939669 947383 972035 972036 972037

Several vulnerabilities were fixed in the OpenSC smart card utilities.

CVE-2019-15945

Out-of-bounds access of an ASN.1 Bitstring.

CVE-2019-15946

Out-of-bounds access of an ASN.1 Octet string.

CVE-2019-19479

Incorrect read operation in the Setec driver.

CVE-2020-26570

Heap-based buffer overflow in the Oberthur driver.

CVE-2020-26571

Stack-based buffer overflow in the GPK driver.

CVE-2020-26572

Stack-based buffer overflow in the TCOS driver.

For Debian 9 stretch, these problems have been fixed in version
0.16.0-3+deb9u2.

We recommend that you upgrade your opensc packages.

For the detailed security status of opensc please refer to
its security tracker page at:
  https://security-tracker.debian.org/tracker/opensc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS